To help verify a user’s identity in the case of a lost password, many Web applications use secret questions. But secret questions, if not handled properly, can actually be a security risk.
Author: Mark BurnettCode: ASP.NET v1.1 & C#